[Openswan Users] weird cert reject but can connect? anyone?

Nate Carlson natecars at natecarlson.com
Wed Jun 30 22:02:44 CEST 2004


On Wed, 30 Jun 2004, hallian hallian wrote:
> I see this weird message...... about Issuer cert CA not found and reject
> your x509 cert but still I'm able to connect and ping/map dirve
> etc...... This is very peculiar........ and wondering... why is this
> happening... anyone seen this before?

Looks like you are specifying both a leftcert and a rightcert - from my
experience, if the cert on disk matches the cert that the remote end is
sending, it'll accept it, even if there isn't a matching CA available. The
message should probably be clarified a bit.

IE, normally it'd be rejected because it's not signed by a known CA, but 
since you've got a copy of the cert on disk and it matches what's 
specified with Xcert=, the cert is allowed.

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------


More information about the Users mailing list